Skip to content

Commit 6145596

Browse files
authored
fix(audit): decouple error visibility from verbose flag in AuditWorkflowRun (#30939)
1 parent c5b6746 commit 6145596

1 file changed

Lines changed: 65 additions & 26 deletions

File tree

pkg/cli/audit.go

Lines changed: 65 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -449,38 +449,56 @@ func AuditWorkflowRun(ctx context.Context, runID int64, owner, repo, hostname st
449449

450450
// Fetch detailed job information including durations
451451
jobDetails, err := fetchJobDetails(run.DatabaseID, verbose)
452-
if err != nil && verbose {
453-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to fetch job details: %v", err)))
452+
if err != nil {
453+
auditLog.Printf("fetchJobDetails failed: %v", err)
454+
if verbose {
455+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to fetch job details: %v", err)))
456+
}
454457
}
455458

456459
// Extract missing tools
457460
missingTools, err := extractMissingToolsFromRun(runOutputDir, run, verbose)
458-
if err != nil && verbose {
459-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract missing tools: %v", err)))
461+
if err != nil {
462+
auditLog.Printf("extractMissingToolsFromRun failed: %v", err)
463+
if verbose {
464+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract missing tools: %v", err)))
465+
}
460466
}
461467

462468
// Extract missing data
463469
missingData, err := extractMissingDataFromRun(runOutputDir, run, verbose)
464-
if err != nil && verbose {
465-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract missing data: %v", err)))
470+
if err != nil {
471+
auditLog.Printf("extractMissingDataFromRun failed: %v", err)
472+
if verbose {
473+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract missing data: %v", err)))
474+
}
466475
}
467476

468477
// Extract noops
469478
noops, noopErr := extractNoopsFromRun(runOutputDir, run, verbose)
470-
if noopErr != nil && verbose {
471-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract noops: %v", noopErr)))
479+
if noopErr != nil {
480+
auditLog.Printf("extractNoopsFromRun failed: %v", noopErr)
481+
if verbose {
482+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract noops: %v", noopErr)))
483+
}
472484
}
473485

474486
// Extract MCP failures
475487
mcpFailures, err := extractMCPFailuresFromRun(runOutputDir, run, verbose)
476-
if err != nil && verbose {
477-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract MCP failures: %v", err)))
488+
if err != nil {
489+
auditLog.Printf("extractMCPFailuresFromRun failed: %v", err)
490+
if verbose {
491+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract MCP failures: %v", err)))
492+
}
478493
}
479494

480495
// Analyze access logs if available
481496
accessAnalysis, err := analyzeAccessLogs(runOutputDir, verbose)
482-
if err != nil && verbose {
483-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze access logs: %v", err)))
497+
if err != nil {
498+
auditLog.Printf("analyzeAccessLogs failed: %v", err)
499+
if verbose {
500+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze access logs: %v", err)))
501+
}
484502
}
485503

486504
// Analyze firewall/gateway data only when the agent artifact was downloaded.
@@ -496,8 +514,11 @@ func AuditWorkflowRun(ctx context.Context, runID int64, owner, repo, hostname st
496514
var tokenUsageSummary *TokenUsageSummary
497515
if hasFirewallArtifact {
498516
firewallAnalysis, err = analyzeFirewallLogs(runOutputDir, verbose)
499-
if err != nil && verbose {
500-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze firewall logs: %v", err)))
517+
if err != nil {
518+
auditLog.Printf("analyzeFirewallLogs failed: %v", err)
519+
if verbose {
520+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze firewall logs: %v", err)))
521+
}
501522
}
502523

503524
// Supplement firewall analysis with blocked domains extracted directly from
@@ -513,39 +534,57 @@ func AuditWorkflowRun(ctx context.Context, runID int64, owner, repo, hostname st
513534

514535
// Analyze firewall policy artifacts if available (policy-manifest.json + audit.jsonl)
515536
policyAnalysis, err = analyzeFirewallPolicy(runOutputDir, verbose)
516-
if err != nil && verbose {
517-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze firewall policy: %v", err)))
537+
if err != nil {
538+
auditLog.Printf("analyzeFirewallPolicy failed: %v", err)
539+
if verbose {
540+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze firewall policy: %v", err)))
541+
}
518542
}
519543

520544
// Extract MCP tool usage data from gateway logs
521545
mcpToolUsage, err = extractMCPToolUsageData(runOutputDir, verbose)
522-
if err != nil && verbose {
523-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract MCP tool usage: %v", err)))
546+
if err != nil {
547+
auditLog.Printf("extractMCPToolUsageData failed: %v", err)
548+
if verbose {
549+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to extract MCP tool usage: %v", err)))
550+
}
524551
}
525552

526553
// Analyze token usage from firewall proxy logs
527554
tokenUsageSummary, err = analyzeTokenUsage(runOutputDir, verbose)
528-
if err != nil && verbose {
529-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze token usage: %v", err)))
555+
if err != nil {
556+
auditLog.Printf("analyzeTokenUsage failed: %v", err)
557+
if verbose {
558+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze token usage: %v", err)))
559+
}
530560
}
531561
}
532562

533563
// Analyze redacted domains if available
534564
redactedDomainsAnalysis, err := analyzeRedactedDomains(runOutputDir, verbose)
535-
if err != nil && verbose {
536-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze redacted domains: %v", err)))
565+
if err != nil {
566+
auditLog.Printf("analyzeRedactedDomains failed: %v", err)
567+
if verbose {
568+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze redacted domains: %v", err)))
569+
}
537570
}
538571

539572
// Analyze GitHub API rate limit consumption from github_rate_limits.jsonl
540573
rateLimitUsage, err := analyzeGitHubRateLimits(runOutputDir, verbose)
541-
if err != nil && verbose {
542-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze GitHub rate limit usage: %v", err)))
574+
if err != nil {
575+
auditLog.Printf("analyzeGitHubRateLimits failed: %v", err)
576+
if verbose {
577+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to analyze GitHub rate limit usage: %v", err)))
578+
}
543579
}
544580

545581
// List all artifacts
546582
artifacts, err := listArtifacts(runOutputDir)
547-
if err != nil && verbose {
548-
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to list artifacts: %v", err)))
583+
if err != nil {
584+
auditLog.Printf("listArtifacts failed: %v", err)
585+
if verbose {
586+
fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to list artifacts: %v", err)))
587+
}
549588
}
550589

551590
currentCreatedItems := extractCreatedItemsFromManifest(runOutputDir)

0 commit comments

Comments
 (0)